angularjs - ngSanitize does not seem to be removing harmful tags -


i have written code below clean html before sending server,

    /**        * takes html input      */     function _cleanhtml(html) {         var newhtml = html;         try {             newhtml = $sanitize(html);         } catch (error) {             // exceptions         }         return newhtml;      } 

the returned string still has script tags , tags <img src=x onerror=alert()>. why not removing these tags?


Comments

Popular posts from this blog

ZeroMQ on Windows, with Qt Creator -

unity3d - Unity SceneManager.LoadScene quits application -

python - Error while using APScheduler: 'NoneType' object has no attribute 'now' -